Browsing category
Local files exposed to hackers Enterprise network security experts from the International Institute of Cyber Security report that Microsoft has patched a critical vulnerability in its Edge browser that could be used against previous versions of software to steal files located in a user’s computer. The good news is that the possible exploitation of the vulnerability […]
The company recently announced this one of a kind bounty program Last Tuesday, HP announced a bug finding reward program that offers hackers and enterprise network security investigators up to $10K if they can find security flaws in the printers the company manufactures. This is the first printing hardware security flaw bounty program for industry, according to […]
Researchers found 20 flaws in Samsung’s SmartThings Hub controller – opening up supported third-party smart home devices to attack. Researchers found 20 vulnerabilities in Samsung’s SmartThings Hub, allowing attackers to control smart locks, remotely monitor the home via connected cameras and perform other alarming functions. Cisco Talos researchers, who published a technical breakdown of the vulnerabilities […]
This camera can be purchased in both large commercial chains and online stores According to reports from experts in enterprise data protection services, a popular wireless security camera designed to monitor businesses and households is vulnerable to espionage attacks. Thanks to this failure it was possible to hijack video and audio transmitted from the properties of […]
This is the first vulnerability in a serverless platform being publicly disclosed International Business Machines Corporation (IBM) researchers have solved a critical vulnerability present in their cloud functions which, if exploited, would allow malicious hackers to remotely replace the serverless code of the company and install its own code development, as reported by enterprise data protection services experts […]
For the last 13 years, Zero Day Initiative (ZDI) has purchased lots of bug reports for their publication. According to reports of enterprise data protection services experts, only in the first half of this year, ZDI has published 600 reports, and the number keeps increasing. An advantage of buying so many bug reports is that researchers can […]
The issue has shot alert even in the U.S. Congress CPU manufacturers face two new variations of Specter’s lateral channel attack vulnerabilities, following a series of investigations by experts in enterprise data protection services. Like its predecessors, these last two vulnerabilities arise during the speculative execution process, with the difference that none of them resolves with recently […]
The company also patched three medium-security flaws in its network security systems Several customers may be affected by a high-security flaw discovered on Cisco’s Voice over Internet Protocol (VoIP) services. The manufacturer released an update patch last Wednesday. Cisco also fixed two medium-security flaws on its FireSIGHT management platform for network security, and a medium-security problem in […]
Siemens warns of the presence of six vulnerabilities in some of its SICLOCK central clocks, which synchronize the time in industrial environments, as reported by specialists in pentest from the International Institute of Cyber Security. “In case of failure or loss of reception from the primary time source, the central clock of the plant ensures […]
The company requests the concerned users to contact them directly. Users report that a bug present in several models of Samsung smartphones makes their photos being sent by message to their stored contacts. The problem is affecting the most recent models, including the Samsung Galaxy Note 8 and the Galaxy S9, and the problem seems to find […]
A group of pentest researchers has demonstrated ability to passively identify session details and perform hijacking, allowing phishing attacks. According to the International Institute of Cyber Security, researchers have found vulnerabilities in LTE standards, which leave users vulnerable to possible attacks, such as determining user identities, determining which websites accessed a particular user and modify DNS traffic, […]
The sale of zero-day exploits is a very profitable business that most people completely ignore. The International Institute of Cyber Security talks about this practice using the example of Zerodium, a zero-day broker. According to the company itself, Zerodium offers rewards to information security and pentest investigators to acquire its original zero-day vulnerability investigations that affect major operating systems, […]
During one of my engagements, I discovered some Windows devices that were affected by the MS17-010vulnerability. One of these devices caught my attention as it’s something I haven’t encountered yet – a Windows Embedded operating system. Since it’s vulnerable to MS17-010, I immediately tried the relevant Metasploit modules. However, none of them worked. All I got was just […]
A severe vulnerability affecting CISCO ASA and Firepower devices is being exploited after an exploit was released online, as revealed by late pentest. According to reports from the company itself and the International Institute of Cyber Security, the Cisco security team is aware of a public proof-of-concept exploit and has alerted its users about the […]
After issuing a patch, users are encouraged to make sure they are using the latest version of the browser. According to reports of experts in information security training from the International Institute of Cyber Security, a Google developer has discovered a serious vulnerability that affects Microsoft Edge and other browsers, and that could provide […]
TL;DR Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home thermostats and more. The home WiFi network is a sacred place; your own local neighborhood of cyberspace. There we connect our phones, laptops, and “smart” devices to each other and to the Internet and in turn […]
Cisco, a company dedicated to manufacturing telecommunications devices, launched patches for 34 failures in its software, including solutions for five critical vulnerabilities of arbitrary code execution in its operating system. Reports from information security specialists argue that critical flaws were rated with 9.8 out of 10 on the CVSS scale. Four of these vulnerabilities affect Cisco’s […]
Cisco released patches for 34 vulnerabilities affecting multiple products that include 5 critical vulnerabilities, 20 High severity vulnerabilities and 9 medium level vulnerabilities. Critical Vulnerabilities Cisco patched 5 critical Vulnerabilities in FXOS and NX-OS Software that allows attackers to execute a remote arbitrary code that causing a buffer overflow, denial of service (DoS), to read […]
Information technology and information security training experts have found a strange and maybe dangerous flaw in the privacy of these devices that could filter their location to potential attackers. In simple terms, this failure would allow web sites to gather the exact geographical location of users of these devices, executing a malicious script. Google, on […]
An arbitrary file-overwrite vulnerability affects a large number of projects, researchers reveal. The flaw, known as Zip Slip by information security training experts that have analyzed it, has already been seen in the past, but never on a scale as large as now. Zip Slip is some kind of transversal directory that can be used by […]
Since our last report on exploit kits, there have been some new developments with the wider adoption of the February Flash zero-day, as well as the inclusion of a new exploit for Internet Explorer. We have not seen that many changes in the drive-by landscape for a long time, although these are the results of improvements closely tied to […]